updated metadata,info

cves/2023/CVE-2023-28434.yaml

@@ -1,14 +1,11 @@
 id: CVE-2023-28434
+
 info:
   name: Minio post policy request security bypass
   author: Mr-xn
   severity: high
-  description: Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z,
-    an attacker can use crafted requests to bypass metadata bucket name checking and
-    put an object into any bucket while processing `PostPolicyBucket`. To carry out
-    this attack, the attacker requires credentials with `arn:aws:s3:::*` permission,
-    as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z.
-    As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.
+  description: |
+    Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z,an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-28434
     - https://github.com/golang/vulndb/issues/1669
@@ -18,7 +15,11 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2023-28434
     cwe-id: CWE-269
-  tags: cve,cve2023,
+  metadata:
+    verified: "true"
+    fofa-query: app="minio"
+  tags: cve,cve2023,minio,bypass
+
 requests:
   - raw:
       - |+
@@ -32,10 +33,12 @@ requests:
         part: body
         words:
           - '"MinioEndpoints"'
+
       - type: word
         part: header
         words:
-          - 'Content-Type: text/plain'
+          - 'text/plain'
+
       - type: status
         status:
           - 200